check_for_spam_reply_to() uses get_address_commonality_ratio(), which checks 
to see how many characters the two addresses have in common.  Why not compare 
the domains of the hosts for equality?  Take the last three parts of the 
hostname for two letter TLDs ("foobar.co.uk") and the last two parts for 
everything else ("foobar.info") and compare them.

I'm guessing that there's places that either have different TLDs in their 
Reply-To (sent from "foobar.com" and reply to "foobar.net"), or have slightly 
different general domains (sent from "foobar1.com" and reply to 
"foobar2.com").  How common is this?  How many false positives would be 
gotten if the domain names were compared for complete equality?

Also, why are the user names included in the comparison?  If the from and 
reply-to user names are long and very different, but come from the exact same 
domain, I wouldn't consider this spamish, but it might set of the rule as it 
currently stands.

-- 
Visit http://dmoz.org, the world's   | Give a man a match, and he'll be warm
largest human edited web directory.  | for a minute, but set him on fire, and
                                     | he'll be warm for the rest of his life.
[EMAIL PROTECTED]  ICQ: 132152059 |

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to